Hosted GlitchTip Architecture Overview
The intention of this page is to inform users of hosted GlitchTip how it's deployed and potentially help with compliance needs.
Burke Software does not share user data with any third parties. We do rely on DigitalOcean for hosting and Cloudflare for our CDN.
Platform Architecture and Transparency
- User data is stored in Postgres using managed DigitalOcean Postgres service.
- This includes error data as sent by the Sentry SDK. Burke Software employees only inspect such data with explicit permission by end users and do so only for quality assurance purposes.
- Our database cluster is only available within our DigitalOcean Kubernetes cluster's "Trusted Source". It is not internet accessible.
- Authentication requires SSL and is stored in Kubernetes Secrets. Authentication information is not kept in any git repository.
- Our web servers are run in Kubernetes using managed DigitalOcean Kubernetes.
- Analytics are stores in Matomo hosted on a private DigitalOcean Ubuntu server.
- Web traffic passes through Cloudflare CDN
- This marketing page is served via GitLab Pages.
- Subscripts and payment are handled by Stripe. Burke Software does not store credit card information. Only subscription related information is sent to Stripe. Error data is not shared.
- Docker images used for both hosted GlitchTip and self-hosting are hosted on both GitLab and Docker Hub. These images are built in GitLab CI.
- Cookies are used for session based authenication and are required for using GlitchTip. Cookies are never shared with third parties.
- Event data is purged after 90 days. Users who wish to purge all account information should email email@example.com.
- Mozilla Observatory rates app.glitchtip.com as "A+". View report. To keep users safe, we utilize Content Security Policy, secure cookies, HTTPS, and HSTS.
- Burke Software employees are required to utilize Single Sign On via Google Apps and Two-Factor authentication when accessing privileged hosting services including DigitalOcean and GitLab version control systems.
- Authorization for hosting services is provisioned via Terraform in a private git repository. All permission requests are logged via git commits.
Need more information? Email us at firstname.lastname@example.org
Found a security vulnerabilty? Open a private issue on GitLab.